Handling PHP form posts

Posted on 15 Jan 2010 by Luke Ehresman

It is very common to handle form posts at the top of a PHP script that prints HTML. This happens most frequently on CRUD screens where a form posts back to itself to handle the updates. There are several reasons why this is not good practice, including:

Page reloads. If the user reloads this page, the form will be resubmitted along with the post parameters. This will cause your script to execute the CRUD logic again, and it also confuses the end user.

Maintainability. This doesn’t properly separate display from logic. To promote readable and maintainable code, it is usually best to keep all your processing functions separate from your display.

A better way to handle form posts is to create separate scripts to handle the POST processing and the display. In my PHP sites, scripts that process a post are prefixed with an underscore and they use Location redirects with the header() function. These scripts do not echo anything; they simply process the request and forward on to a display page. Usually, they will update session variables or save to the database.

Another convention I use is to never use SQL inside of the web root. Since the POST scripts are inside my web root, this forces me to write classes to encapsulate all my database logic. In fact, most logic is encapsulated in classes to make unit testing easier.

Reworking our previous example, I’ve created a script called “_authenticate.php” that a sign-in form would post to. Notice it doesn’t display anything, and all SQL and authentication logic has been abstracted into the UserDao class.
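A sketch of a script following this pattern, added here as an illustration and not the author's original listing. The authenticate() method on UserDao, the users table, the redirect() helper and the paths /signin.php and /dashboard.php are assumptions, and the in-memory database with its one user is constructed so the script runs on its own.

```php
<?php
// _authenticate.php: handles the sign-in POST, echoes nothing, always redirects.
// UserDao would normally be loaded from outside the web root; it is inlined
// here, with a hypothetical authenticate() method, to keep the example whole.
class UserDao
{
    private $db;
    public function __construct(PDO $db) { $this->db = $db; }
    // Returns the user id when the password matches, otherwise null.
    public function authenticate(string $username, string $password): ?int
    {
        $stmt = $this->db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row && password_verify($password, $row['password_hash'])) {
            return (int) $row['id'];
        }
        return null;
    }
}

// Send a redirect and stop; without exit the script would keep running.
function redirect(string $path): void
{
    header('Location: ' . $path, true, 303); // 303: browser follows with GET
    exit;
}

session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    redirect('/signin.php');
}

// Constructed in-memory database and user so the example runs as-is.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('constructed-password', PASSWORD_DEFAULT)]);

$u = $_POST['username'] ?? '';
$p = $_POST['password'] ?? '';
$userId = (is_string($u) && is_string($p)) ? (new UserDao($db))->authenticate($u, $p) : null;
if ($userId === null) {
    $_SESSION['error'] = 'Invalid username or password.';
    redirect('/signin.php');
}

session_regenerate_id(true);    // new session id after login (session fixation)
$_SESSION['user_id'] = $userId;
redirect('/dashboard.php');
```

Because the redirect targets are fixed strings rather than values taken from the request, the script cannot be turned into an open redirect, and reloading the page the browser lands on repeats only a GET.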
